facebook rss twitter

Mozilla looks to BrowserID to simplify logins on the Web

by Hugo Jobling on 15 July 2011, 17:10

Quick Link: HEXUS.net/qa6ov

Add to My Vault: x

Open sesame

Mozilla has revealed a new authentication system, which it calls BrowserID, which to enable users to log into multiple websites using a single sign-in. The idea isn't new, but the implementation is interesting, as it piggybacks on email to provide user identities - a move aimed at improving ease of use.

The current implementation uses simple HTML and JavasScript, so will run in just about any browser - however, in the future Mozilla sees integration with the browser itself - hence BrowserID - with identities shared across browsers on different systems using cloud syncing solutions.

The system is similar to other universal login options such as OpenID in that it decouples the authentication of users from the website they are visiting, so that one login identity can be used across multiple sites. Where BrowserID is different, however, is its use of email addresses as its means of identifying users.

The reasoning behind this is simple: email is a system that is well understood to represent an identity on the Internet already, so an authentication system tacked onto email is easily understood by even the most un-tech savvy users. Conversely, OpenID and its contemporaries, says Mozilla, can prove confusing and difficult for the less technically adept user to grasp.

Mozilla is also keep to highlight the decentralised nature of BrowserID. Although growserid.org acts as an authentication backend, verifying that users own the emails they are attempting to sign into sites with, there's no requirement to use it. A third party authentication server can be used - a long as it is supported by the website a user is trying to log in to.

Although this could prove a problem for small entities, if a large email provider such as Google put its support behind BrowserID, it could greatly increase both the simplicity and proliferation of the service. It's worth noting that Google already offers federated logins using OpenID so it's not adverse to the concept.

It will be interesting to see if Mozilla can succeed in popularising a decentralised login system, where so many others have failed (or at least not enjoyed widespread success).

HEXUS Forums :: 12 Comments

Login with Forum Account

Don't have an account? Register today!
Posted by AledJ - Fri 15 Jul 2011 17:24
Am I the only one who thinks this Browser ID thing is a bad idea? I mean at the moment I have loads of different passwords of various complexity. But with Browser ID am I right in thinking you would for example use the same email and password for a number of sites? So what if the Browser ID list is hacked? The hackers now have access to all those sites I have registered on. Where as now because I use a different password for each site, if one is hacked it will not compromise the others. Have I got the right end of the stick here?
Posted by blueball - Fri 15 Jul 2011 17:35
and why not let Sony host it? :surprised:
Posted by Noxvayl - Fri 15 Jul 2011 17:40
I think your security concerns are good ones, it does provide an easy way to access multiple accounts of yours provided they can crack your password. I've always kept different passwords for that reason.

I currently use LastPass which instead of replacing a password for every site you use, it just stores your data for each site. They use plenty of encryption which is way beyond my knowledge, all I know is that it is far more secure than what I used to have(browser password saves). I love the option for multi-factor authentication where you have a password and something else to verify your login(I use a simple GRID they provide for free). It has made my 50+ logins easier to manage, well worth it in my opinion.
Posted by Saracen - Fri 15 Jul 2011 22:52
AledJ
Am I the only one who thinks this Browser ID thing is a bad idea? ….
No, you're not the only one. I'll go further than that. I will not use it, and if it means changing browser, or sticking with old versions, I'll do that. So if Mozilla adopt this, it had better be optional.

In addition to your concerns, I'm NOT giving an outfit like Google access to the sites I visit, let alone potentially access to the logins. It ain't happening.

with identities shared across browsers on different systems using cloud syncing solutions.
The cloud bit puts me right off. Any access to lists of my online activity is staying, as far as is possible, on my PC and I'm certainly not syncing it via the cloud. Big corporates already know far too much about us, and I don't trust Google, or any other large corporate, with than information any further than I can throw their corporate HQ. So I'm not making their data collection activities or warehousing any easier, and in fact, already work quite hard to keep my profile with them as low as possible.
Posted by cameronlite - Sat 16 Jul 2011 07:46
Mozilla is also keep to highlight the decentralised nature of BrowserID.
Also, JavasScript in the second paragraph.

Although this system is a good idea, it's definitely risky. There must be a better way to impliment it - maybe add a personal detail to it, e.g postcode, but that's only an example.

SEE NEWER »